Stop the attacker’s offense, don’t do defense

Enterprises are fighting a cyber war against very sophisticated and highly organized adversaries. Yet companies still approach cybersecurity with a strictly defensive mindset. They operate under the belief that having the best defense will keep them safe from advanced adversaries. But attackers know how to break any defense, guaranteeing they’ll eventually infiltrate a company.

Organizations need to approach security by thinking about how they can stop offense. How is this different from having a strong defense? When you’re stopping offense, you don’t stand on the sidelines waiting for an attacker to breach your network, hoping that the security measures you have in place will be enough to stop them.

To stop offense, you switch your mindset: instead of thinking about your vulnerabilities, you look for the attacker’s weak points and go after them to shut down the operation. In essence, you figure out how the enemy is working and use this to your advantage, a concept I like to call the house of cards approach to attack detection.